Renault’s U.K. organization has issued a warning that personal data from an unspecified number of customers may have been compromised.
The company was informed by one of its third-party data processing providers that some customers’ personal data had been taken from their system in a cyberattack, Renault said in an emailed statement to WardsAuto.
The data stolen includes customer names, addresses, dates of birth, gender, phone number, vehicle identification numbers and vehicle registration details.
Renault in its statement assured consumers that no financial or password data was compromised.
The automaker adds that “the third-party provider has confirmed this is an isolated incident which has been contained, and we are working with it to ensure that all appropriate actions are being taken. We have notified all relevant authorities,” according to the statement.
The company also confirmed that no Renault Group U.K. systems have been compromised and that it is currently in the process of advising potentially affected consumers of the attack.
This attack, while not of the magnitude of the recent Jaguar Land Rover global shutdown of production, illustrates the variety of cyberattack surfaces that exist as a risk for the modern automaker, according to Dray Agha, senior manager of security operations at managed cybersecurity platform Huntress.
“The Renault breach is a textbook case for why a ‘Zero Trust’ framework must extend beyond your own network to encompass your entire supply chain,” Agha said in an email to WardsAuto.
He said that automakers must not rely on trust but should verify all their external vendors who have access to company data.
“Every third-party connection should be treated as a potential attack vector, requiring strict identity verification and least-privilege access controls,” Agha added.
By adopting a ‘Zero Trust’ strategy an automaker can limit the damage of a cyberattack by “segmenting access and enforcing policies that grant vendors only the minimum data required for their specific task,” he said.
Meanwhile Renault is directing concerned customers to its website for advice on protecting personal data or to contact its Data Protection Officer at [email protected].
